1. B. Johnson, Y. Song, E. Murphy-Hill, and R. Bowdidge, "Why don't software developers use static analysis tools to find bugs?" in 2013 35th International Conference on Software Engineering (ICSE). IEEE, pp. 18--26.
2. On the Discoverability of npm Vulnerabilities in Node.js Projects
3. F. Cheirdari and G. Karabatis, "Analyzing False Positive Source Code Vulnerabilities Using Static Analysis Tools," in 2018 IEEE International Conference on Big Data (Big Data). IEEE, pp. 10--13.
4. M. Nadeem, B. J. Williams, and E. B. Allen, "High false positive detection of security vulnerabilities: a case study," in ACM-SE '12: Proceedings of the 50th Annual Southeast Regional Conference. New York, NY, USA: Association for Computing Machinery, Mar. 2012, pp. 359--360.
5. H. J. Kang, K. L. Aw, and D. Lo, "Detecting false alarms from automatic static analysis tools: how far are we?" in ICSE '22: Proceedings of the 44th International Conference on Software Engineering. New York, NY, USA: Association for Computing Machinery, May 2022, pp. 698--709.